CVE-2022-24376
CVE-2022-24376 (git-promise) is a command-injection vulnerability affecting all versions of the package due to an inappropriate fix of a prior issue. The available documents consistently state that there is no fixed version and that the README contains a warning about this vulnerability. The prac...